Featured Research

First flaws in the Advanced Encryption Standard used for internet banking identified

Date:

September 1, 2011

Source:

Katholieke Universiteit Leuven

Summary:

Researchers have found a weakness in the AES algorithm used worldwide to protect internet banking, wireless communications, and data on hard disks. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts. However the attack has no practical implications on the security of user data due to various complexities.

Related Articles

The attack is a result of a long-term cryptanalysis project carried out by Andrey Bogdanov (K.U.Leuven, visiting Microsoft Research at the time of obtaining the results), Dmitry Khovratovich (Microsoft Research), and Christian Rechberger (ENS Paris, visiting Microsoft Research).

The AES algorithm is used by hundreds of millions of users worldwide to protect internet banking, wireless communications, and the data on their hard disks. In 2000, the Rijndael algorithm, designed by the Belgian cryptographers Dr. Joan Daemen (STMicroelectronics) and Prof. Vincent Rijmen (K.U.Leuven), was selected as the winner of an open competition organized by the US NIST (National Institute for Standards and Technology). Today AES is used in more than 1700 NIST-validated products and thousands of others; it has been standardized by NIST, ISO, and IEEE and it has been approved by the U.S. National Security Agency (NSA) for protecting secret and even top secret information.

In the last decade, many researchers have tested the security of the AES algorithm, but no flaws were found so far. In 2009, some weaknesses were identified when AES was used to encrypt data under four keys that are related in a way controlled by an attacker; while this attack was interesting from a mathematical point of view, the attack is not relevant in any application scenario. The new attack applies to all versions of AES even if it used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126. Even with the new attack, the effort to recover a key is still huge: the number of steps to find the key for AES-128 is an 8 followed by 37 zeroes. To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key. Note that large corporations are believed to have millions of machines, and current machines can only test 10 million keys per second.

Because of these huge complexities, the attack has no practical implications on the security of user data; however, it is the first significant flaw that has been found in the widely used AES algorithm and was confirmed by the designers.

Katholieke Universiteit Leuven. (2011, September 1). First flaws in the Advanced Encryption Standard used for internet banking identified. ScienceDaily. Retrieved March 3, 2015 from www.sciencedaily.com/releases/2011/08/110817075424.htm

More From ScienceDaily

More Computers & Math News

Featured Research

Mar. 3, 2015 — Major cities in the UK are falling behind their international counterparts in terms of their use of smart technologies, according to a new study. The research has found that smart cities in the UK, ... full story

Mar. 3, 2015 — To simulate chimp behavior, scientists created a computer model based on equations normally used to describe the movement of atoms and molecules in a confined space. An interdisciplinary research ... full story

Mar. 3, 2015 — Magnetic vortex structures, so-called skyrmions, could in future store and process information very efficiently. They could also be the basis for high-frequency components. For the first time, a team ... full story

Mar. 2, 2015 — The odds of picking a perfect bracket for the NCAA men's basketball March Madness championship tournament are a staggering less than one in 9.2 quintillion (that's 9,223,372,036,854,775,808), ... full story

Mar. 2, 2015 — Scientists report that they could observe experimentally the current flow along channels at the crystal surfaces of topological insulators. The channels are less than one nanometer wide and extend ... full story

Mar. 2, 2015 — Organic light emitting diodes (OLEDs), which are made from carbon-containing materials, have the potential to revolutionize future display technologies, making low-power displays so thin they'll wrap ... full story

Mar. 2, 2015 — What if one day, your computer, TV or smart phone could process data with light waves instead of an electrical current, making those devices faster, cheaper and more sustainable through less heat and ... full story

Mar. 2, 2015 — 3-D printing could become a powerful tool in customizing interventional radiology treatments to individual patient needs, with clinicians having the ability to construct devices to a specific size ... full story

Featured Videos

Forensic Holodeck Creates 3D Crime Scenes

Reuters - Innovations Video Online (Mar. 3, 2015) — A holodeck is no longer the preserve of TV sci-fi classic Star Trek, thanks to researchers from the Institute of Forensic Medicine Zurich, who have created what they say is the first system in the world to visualise the 3D data of forensic scans. Jim Drury saw it in operation.
Video provided by Reuters

Related Stories

Nov. 25, 2014 — Bitcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the ... full story

Mar. 20, 2014 — There are various ways to protect a wireless network. Some are generally considered to be more secure than others. Some, such as WEP (Wired Equivalent Privacy), were broken several years ago and are ... full story

Oct. 19, 2011 — Standards are supposed to guarantee security, especially in the WWW. The World Wide Web Consortium (W3C) is the main force behind standards like HTML, XML, and XML Encryption. But implementing a W3C ... full story

ScienceDaily features breaking news and videos about the latest discoveries in health, technology, the environment, and more -- from major news services and leading universities, scientific journals, and research organizations.